ID

VAR-201906-1027


CVE

CVE-2019-10989


TITLE

WebAccess/SCADA Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005814

DESCRIPTION

In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. WebAccess/SCADA Contains a buffer error vulnerability. This vulnerability CVE-2019-10991 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x11372 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable

Trust: 3.96

sources: NVD: CVE-2019-10989 // JVNDB: JVNDB-2019-005814 // ZDI: ZDI-19-591 // ZDI: ZDI-19-590 // CNVD: CNVD-2019-32464 // BID: 108923 // IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // VULHUB: VHN-142590

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // CNVD: CNVD-2019-32464

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.3.5

Trust: 1.8

vendor:advantechmodel:webaccessscope: - version: -

Trust: 1.4

vendor:advantechmodel:webaccess/scadascope:lteversion:<=8.3.5

Trust: 0.6

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.5

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.4

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.0

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:neversion:8.4.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // ZDI: ZDI-19-591 // ZDI: ZDI-19-590 // CNVD: CNVD-2019-32464 // BID: 108923 // JVNDB: JVNDB-2019-005814 // NVD: CVE-2019-10989

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-10989
value: CRITICAL

Trust: 1.4

nvd@nist.gov: CVE-2019-10989
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10989
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-32464
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-1078
value: CRITICAL

Trust: 0.6

IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc
value: CRITICAL

Trust: 0.2

VULHUB: VHN-142590
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10989
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32464
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142590
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2019-10989
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2019-10989
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10989
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // ZDI: ZDI-19-591 // ZDI: ZDI-19-590 // CNVD: CNVD-2019-32464 // VULHUB: VHN-142590 // JVNDB: JVNDB-2019-005814 // CNNVD: CNNVD-201906-1078 // NVD: CVE-2019-10989

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-142590 // JVNDB: JVNDB-2019-005814 // NVD: CVE-2019-10989

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1078

TYPE

Buffer error

Trust: 0.8

sources: IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // CNNVD: CNNVD-201906-1078

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005814

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05

Trust: 1.4

title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title:Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32464)url:https://www.cnvd.org.cn/patchInfo/show/181497

Trust: 0.6

title:Advantech WebAccess/SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94181

Trust: 0.6

sources: ZDI: ZDI-19-591 // ZDI: ZDI-19-590 // CNVD: CNVD-2019-32464 // JVNDB: JVNDB-2019-005814 // CNNVD: CNNVD-201906-1078

EXTERNAL IDS

db:NVDid:CVE-2019-10989

Trust: 5.0

db:ICS CERTid:ICSA-19-178-05

Trust: 2.8

db:ZDIid:ZDI-19-591

Trust: 2.4

db:ZDIid:ZDI-19-590

Trust: 2.4

db:BIDid:108923

Trust: 1.5

db:CNNVDid:CNNVD-201906-1078

Trust: 0.9

db:CNVDid:CNVD-2019-32464

Trust: 0.8

db:JVNDBid:JVNDB-2019-005814

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-8068

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8067

Trust: 0.7

db:AUSCERTid:ESB-2019.2350

Trust: 0.6

db:IVDid:A3A80884-2713-49F5-A1E2-0B387C0701CC

Trust: 0.2

db:VULHUBid:VHN-142590

Trust: 0.1

sources: IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // ZDI: ZDI-19-591 // ZDI: ZDI-19-590 // CNVD: CNVD-2019-32464 // VULHUB: VHN-142590 // BID: 108923 // JVNDB: JVNDB-2019-005814 // CNNVD: CNNVD-201906-1078 // NVD: CVE-2019-10989

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05

Trust: 4.2

url:https://www.zerodayinitiative.com/advisories/zdi-19-591/

Trust: 2.3

url:https://www.zerodayinitiative.com/advisories/zdi-19-590/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-10989

Trust: 1.4

url:http://www.securityfocus.com/bid/108923

Trust: 1.2

url:http://webaccess.advantech.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10989

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2350/

Trust: 0.6

sources: ZDI: ZDI-19-591 // ZDI: ZDI-19-590 // CNVD: CNVD-2019-32464 // VULHUB: VHN-142590 // BID: 108923 // JVNDB: JVNDB-2019-005814 // CNNVD: CNNVD-201906-1078 // NVD: CVE-2019-10989

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 1.4

sources: ZDI: ZDI-19-591 // ZDI: ZDI-19-590

SOURCES

db:IVDid:a3a80884-2713-49f5-a1e2-0b387c0701cc
db:ZDIid:ZDI-19-591
db:ZDIid:ZDI-19-590
db:CNVDid:CNVD-2019-32464
db:VULHUBid:VHN-142590
db:BIDid:108923
db:JVNDBid:JVNDB-2019-005814
db:CNNVDid:CNNVD-201906-1078
db:NVDid:CVE-2019-10989

LAST UPDATE DATE

2024-08-14T14:12:21.331000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-591date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-590date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32464date:2019-09-21T00:00:00
db:VULHUBid:VHN-142590date:2023-03-02T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005814date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1078date:2020-08-25T00:00:00
db:NVDid:CVE-2019-10989date:2023-03-02T15:58:46.100

SOURCES RELEASE DATE

db:IVDid:a3a80884-2713-49f5-a1e2-0b387c0701ccdate:2019-09-21T00:00:00
db:ZDIid:ZDI-19-591date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-590date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32464date:2019-09-21T00:00:00
db:VULHUBid:VHN-142590date:2019-06-28T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005814date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1078date:2019-06-27T00:00:00
db:NVDid:CVE-2019-10989date:2019-06-28T21:15:11.243